Meta Pixel: a useful web analytics tool or a trap for your wallet?

Scammers inject malicious code where you least expect to see it.

Cybersecurity researchers recently discovered a malicious information-stealing script that disguises itself as the popular Meta Pixel web analytics tool. The operation is designed to collect credit card data from unsuspecting users.

Sucuri reported that malicious code is being introduced into websites through tools for adding custom code, such as WordPress plugins or the "Miscellaneous Scripts" section in the Magento dashboard.

"Custom script editors are attractive to attackers because they allow you to insert third-party JavaScript code that can pass itself off as harmless, mimicking the names of popular scripts, such as, for example, Google Analytics," said security researcher Matt Morrow.

The fake Meta Pixel tracker script contains elements similar to the legitimate one, but a closer examination reveals additional JavaScript code. This code replaces references to the domain "connect.facebook[.]net" with "b-connected[.]com", so that a malicious script named "fbevents.js" is eventually downloaded from there. This script is activated on checkout pages and displays a fraudulent form for collecting credit card data.

It is noted that "b-connected[.]com" is a legitimate e-commerce site that was compromised by attackers and used to host a skimmer. The collected data was then sent to another compromised site ("donjuguetes[.]es").

Credit card skimmers are often activated when keywords such as "checkout" are detected. "Since most checkout pages are generated dynamically, these scripts elude public crawlers, and the only way to detect malware is to manually check the page's source code or network traffic," Sucuri said.

In addition, the company recently revealed that sites based on WordPress and Magento were targeted by another type of malware, Magento Shoplift, discovered in September 2023. This code begins its attack by injecting encrypted JavaScript that disguises itself as a Google Analytics script. "WordPress is heavily used in e-commerce thanks to plugins such as WooCommerce, which makes these stores an attractive target for attacks," the researchers explained.

Cybercriminals are now using increasingly sophisticated methods to steal users' personal data. They skillfully disguise their malicious scripts as popular web tools, arousing practically no suspicion.

In the fight against such threats, there is no room to relax: site owners need to constantly improve their level of cybersecurity, carefully check third-party components, regularly update systems and vigilantly monitor for suspicious activity. In turn, end users also need to be extra vigilant to avoid falling victim to this type of threat.
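The signs described above (fbevents.js loaded from a host other than connect.facebook.net, a string replace that rewrites the Facebook host, and a branch on the "checkout" keyword) can be checked automatically when reviewing entries saved in a custom script editor. The following is an added example, not code from Sucuri or from the original post; the function name, the heuristics and the sample snippets (which use placeholder example.test hosts) are constructed for illustration.

```python
import re

# Host that serves the genuine Meta Pixel library (named on this page).
OFFICIAL_HOST = "connect.facebook.net"

URL_RE = re.compile(r"""(?:https?:)?//([A-Za-z0-9.-]+)(/[^\s'"<>)]*)?""")
REPLACE_RE = re.compile(r"""\.replace\(\s*(['"/])([^'"/]*facebook[^'"/]*)\1""", re.I)
PIXEL_RE = re.compile(r"\bfbq\s*\(|fbevents\.js", re.I)


def audit_pixel_snippet(js):
    """Return findings for one custom-script entry that claims to be Meta Pixel."""
    if not PIXEL_RE.search(js):
        return []  # does not present itself as Meta Pixel; out of scope here
    findings = []
    # 1. The library file must come from the official host only.
    for host, path in URL_RE.findall(js):
        if path.endswith("fbevents.js") and host.lower() != OFFICIAL_HOST:
            findings.append(f"fbevents.js loaded from unexpected host: {host}")
    # 2. Genuine pixel code has no reason to rewrite the Facebook host string.
    for m in REPLACE_RE.finditer(js):
        findings.append(f"string replace rewrites a Facebook host: {m.group(2)}")
    # 3. Heuristic: tracker code that branches on the checkout keyword.
    if re.search(r"checkout", js, re.I):
        findings.append("pixel code branches on 'checkout' keyword")
    return findings


# Constructed samples: abbreviated pixel loader and two tampered variants.
LEGIT = ("!function(f,b,e,v,n,t,s){t=b.createElement(e);t.async=!0;t.src=v;"
         "s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}"
         "(window,document,'script','https://connect.facebook.net/en_US/fbevents.js');"
         "fbq('init','0000000000000000');fbq('track','PageView');")
REWRITTEN = ("var src='https://connect.facebook.net/en_US/fbevents.js';"
             "if(location.href.indexOf('checkout')>-1)"
             "{src=src.replace('connect.facebook.net','host.example.test');}"
             "fbq('track','PageView');")
LOOKALIKE = ("t.src='https://pixel.example.test/en_US/fbevents.js';"
             "fbq('init','0000000000000000');")

if __name__ == "__main__":
    for name, js in [("legit", LEGIT), ("rewritten", REWRITTEN), ("lookalike", LOOKALIKE)]:
        print(name, audit_pixel_snippet(js) or "clean")
```

Because the fake script only loads its payload on checkout pages, a scan like this should run against the stored snippet text (database or admin export), not against pages fetched by a crawler.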
 